Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
This research focuses on identifying the environmental factors that impact an organization's ability, or lack thereof, to learn from cyber incidents: an organized and structural approach to address cybersecurity breaches with the aim of mitigating harm by minimizing the associated costs and the time required for recovery. The results of our research, based on an in-depth analysis of the data collected from interviews with 12 cybersecurity professionals on how their organization handled the massive SolarWinds attack, show that the practice of incident response often involves short-term and tactical steps as opposed to strategic initiatives, such as reframing of cyber policies, risk assessment processes, and proactive investment, which are more long-term in nature. We present the challenges that inhibit organizations’ capacity to strategically learn from cyber incidents related to internal environment, as well as micro- and macro-environment and provide a discussion on how organizations could overcome these challenges.
Recommended Citation
Bulgurcu, Burcu and Mashatan, Atefeh, "Environmental Factors that Hinder an Organization’s Ability to Learn from Cyber Incidents: A Case Study on SolarWinds" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 4.
https://aisel.aisnet.org/hicss-57/st/digital_forensics/4
Environmental Factors that Hinder an Organization’s Ability to Learn from Cyber Incidents: A Case Study on SolarWinds
Hilton Hawaiian Village, Honolulu, Hawaii
This research focuses on identifying the environmental factors that impact an organization's ability, or lack thereof, to learn from cyber incidents: an organized and structural approach to address cybersecurity breaches with the aim of mitigating harm by minimizing the associated costs and the time required for recovery. The results of our research, based on an in-depth analysis of the data collected from interviews with 12 cybersecurity professionals on how their organization handled the massive SolarWinds attack, show that the practice of incident response often involves short-term and tactical steps as opposed to strategic initiatives, such as reframing of cyber policies, risk assessment processes, and proactive investment, which are more long-term in nature. We present the challenges that inhibit organizations’ capacity to strategically learn from cyber incidents related to internal environment, as well as micro- and macro-environment and provide a discussion on how organizations could overcome these challenges.
https://aisel.aisnet.org/hicss-57/st/digital_forensics/4